ID de Prueba:	1.3.6.1.4.1.25623.1.0.66023
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2009:267 (xmlsec1)
Resumen:	The remote host is missing an update to xmlsec1;announced via advisory MDVSA-2009:267.
Descripción:	Summary: The remote host is missing an update to xmlsec1 announced via advisory MDVSA-2009:267. Vulnerability Insight: A vulnerability has been found and corrected in xmlsec1: A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xmlsec1 prior to 1.2.12. An attacker could use this flaw to create a specially-crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification (CVE-2009-0217). This update fixes this vulnerability. Affected: 2008.1, 2009.0, 2009.1, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0217 AIX APAR: PK80596 http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023545&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere AIX APAR: PK80627 http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023723&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html BugTraq ID: 35671 http://www.securityfocus.com/bid/35671 Cert/CC Advisory: TA09-294A http://www.us-cert.gov/cas/techalerts/TA09-294A.html Cert/CC Advisory: TA10-159B http://www.us-cert.gov/cas/techalerts/TA10-159B.html CERT/CC vulnerability note: VU#466161 http://www.kb.cert.org/vuls/id/466161 Debian Security Information: DSA-1995 (Google Search) http://www.debian.org/security/2010/dsa-1995 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml HPdes Security Advisory: HPSBUX02476 http://marc.info/?l=bugtraq&m=125787273209737&w=2 HPdes Security Advisory: SSRT090250 http://www.mandriva.com/security/advisories?name=MDVSA-2009:209 http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html Microsoft Security Bulletin: MS10-041 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041 http://osvdb.org/55895 http://osvdb.org/55907 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10186 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7158 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8717 RedHat Security Advisories: RHSA-2009:1200 https://rhn.redhat.com/errata/RHSA-2009-1200.html RedHat Security Advisories: RHSA-2009:1201 https://rhn.redhat.com/errata/RHSA-2009-1201.html RedHat Security Advisories: RHSA-2009:1428 https://rhn.redhat.com/errata/RHSA-2009-1428.html RedHat Security Advisories: RHSA-2009:1636 https://rhn.redhat.com/errata/RHSA-2009-1636.html RedHat Security Advisories: RHSA-2009:1637 https://rhn.redhat.com/errata/RHSA-2009-1637.html RedHat Security Advisories: RHSA-2009:1649 https://rhn.redhat.com/errata/RHSA-2009-1649.html RedHat Security Advisories: RHSA-2009:1650 https://rhn.redhat.com/errata/RHSA-2009-1650.html http://www.redhat.com/support/errata/RHSA-2009-1694.html http://www.securitytracker.com/id?1022561 http://www.securitytracker.com/id?1022567 http://www.securitytracker.com/id?1022661 http://secunia.com/advisories/34461 http://secunia.com/advisories/35776 http://secunia.com/advisories/35852 http://secunia.com/advisories/35853 http://secunia.com/advisories/35854 http://secunia.com/advisories/35855 http://secunia.com/advisories/35858 http://secunia.com/advisories/36162 http://secunia.com/advisories/36176 http://secunia.com/advisories/36180 http://secunia.com/advisories/36494 http://secunia.com/advisories/37300 http://secunia.com/advisories/37671 http://secunia.com/advisories/37841 http://secunia.com/advisories/38567 http://secunia.com/advisories/38568 http://secunia.com/advisories/38695 http://secunia.com/advisories/38921 http://secunia.com/advisories/41818 http://secunia.com/advisories/60799 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020710.1-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-263429-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-269208-1 SuSE Security Announcement: SUSE-SA:2009:053 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html SuSE Security Announcement: SUSE-SA:2010:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html https://usn.ubuntu.com/826-1/ http://www.ubuntu.com/usn/USN-903-1 http://www.vupen.com/english/advisories/2009/1900 http://www.vupen.com/english/advisories/2009/1908 http://www.vupen.com/english/advisories/2009/1909 http://www.vupen.com/english/advisories/2009/1911 http://www.vupen.com/english/advisories/2009/2543 http://www.vupen.com/english/advisories/2009/3122 http://www.vupen.com/english/advisories/2010/0366 http://www.vupen.com/english/advisories/2010/0635
Copyright	Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.